Abstract
Security of local area networks (LANs) attract enormous attention these days. LANs are not safe even under a well-configured firewall, because malware can be easily delivered through network applications. Thus we need to take counter measures against malicious activities by focusing on each device itself. However, we cannot adopt many of existing methods to the devices which have limited resource capacity like IoT. Accordingly, we consider that the request pattern of address resolution protocol (ARP) may provide some indicators for finding such malicious activities without putting a burden on each device. In this paper, We propose a method to detect malicious network activity by ARP monitoring. The detection method is based on a fitting model of ARP request trend. We especially focus on the destination devices of ARP request in outlier detection with the model. We made an experiment with a data of monitored ARP requests in our network. We also discuss parameter tuning and validity of the model based on three notable requirements.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Hou, X., Jiang, Z., Tian, X.: The detection and prevention for ARP spoofing based on snort. In: 2010 International Conference on Computer Application and System Modeling (ICCASM), vol. 5, p. V5-137. IEEE (2010)
Jinhua, G., Kejian, X.: ARP spoofing detection algorithm using ICMP protocol. In: 2013 International Conference on Computer Communication and Informatics (ICCCI), pp. 1–6. IEEE (2013)
Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: USENIX Security Symposium, vol. 4, pp. 351–366 (2009)
Pandey, P.: Prevention of ARP spoofing: a probe packet based technique. In: 2013 IEEE 3rd International Advance Computing Conference (IACC), pp. 147–153. IEEE (2013)
Whyte, D., Kranakis, E., van Oorschot, P.: ARP-based detection of scanning worms within an enterprise network. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC) (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Matsufuji, K., Kobayashi, S., Esaki, H., Ochiai, H. (2019). ARP Request Trend Fitting for Detecting Malicious Activity in LAN. In: Lee, S., Ismail, R., Choo, H. (eds) Proceedings of the 13th International Conference on Ubiquitous Information Management and Communication (IMCOM) 2019. IMCOM 2019. Advances in Intelligent Systems and Computing, vol 935. Springer, Cham. https://doi.org/10.1007/978-3-030-19063-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-19063-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19062-0
Online ISBN: 978-3-030-19063-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)